It should be noted that this token protection is available only to EAP users. endpoints that authenticate with certificates or PSKs are vulnerable to a MITM enumerating the tokens.

Since issue #191 is up next (tomorrow or thursday), I won't publish a -01 version before #191 is resolved.

On Sep 28, 2010, at 3:24 PM, Yaron Sheffer wrote:

> Hi,
>
> I am obviously in favor of moving the QCD token to the first IKE_AUTH
> message (I opened the issue...), but I think this can only be done once
> Issue #191 is resolved, i.e. when we don't have to worry about token replay.
>
> Reason: the first IKE_AUTH message is susceptible to reading by an MITM
> attacker. If both IKE peers then reuse the SPI values (and therefore the
> token), the attacker will already have it.
>
> Thanks,
> Yaron